Methods and systems for attribute based group access control
Abstract
A method for attribute based group access control includes receiving, by a data event monitor of an access control management system, a notification identifying a data object uploaded to a data store. The method includes analyzing, by the data event monitor, at least one characteristic of the data object, wherein analyzing further comprises analyzing metadata associated with the data object. The method includes generating, by a data analysis engine of the access control management system, based upon the analyzing, at least one attribute-based access control rule. The method includes associating, by an access group generator of the access control management system, a group identifier with the data object, the group identifier specifying a type of user satisfying the at least one attribute-based access control rule.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method, performed by at least one computer processor executing computer program instructions stored on at least one non-transitory computer-readable medium, for attribute based group access control, comprising:
receiving, by a data event monitor of an access control management system, a notification identifying a data object uploaded to a data store; analyzing, by the data event monitor, at least one characteristic of the data object, wherein analyzing further comprises analyzing metadata associated with the data object; generating, by a data analysis engine of the access control management system, responsive to the analyzing, at least one attribute-based access control rule; and associating, by an access group generator of the access control management system, a group identifier with the data object, the group identifier specifying a type of user satisfying the at least one attribute-based access control rule.
2 . The method of claim 1 wherein receiving, by the data event monitor, the notification further comprises receiving, by the data event monitor, the notification upon completion of process of uploading the data object to the data store.
3 . The method of claim 1 further comprising transmitting, by the data event monitor, to the data analysis engine, an identification of the data object.
4 . The method of claim 1 , wherein analyzing further comprises executing a tagging function to extract at least one data attribute from the metadata.
5 . The method of claim 4 , wherein generating further comprises generating the at least one attribute-based access control rule using the extracted at least one data attribute.
6 . The method of claim 1 , wherein generating further comprises translating, by the data analysis engine, the at least one characteristic into an attribute based access control rule.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.